3.0.0.23

Fix for #3520
Fix vulnerability related to teampass-seckey.txt file

api/Model/ItemModel.php

@@ -77,7 +77,7 @@ public function getItems(string $sqlExtra, int $limit, string $userPrivateKey, i
                 if (empty($path) === true) {
                     $path = htmlspecialchars(stripslashes(htmlspecialchars_decode($elem->title, ENT_QUOTES)), ENT_QUOTES);
                 } else {
-                    $path .= '>' . htmlspecialchars(stripslashes(htmlspecialchars_decode($elem->title, ENT_QUOTES)), ENT_QUOTES);
+                    $path .= '/' . htmlspecialchars(stripslashes(htmlspecialchars_decode($elem->title, ENT_QUOTES)), ENT_QUOTES);
                 }
             }
 

includes/config/include.php

@@ -12,12 +12,12 @@
  * @copyright 2009-2022 Nils Laumaillé
  * @license   https://spdx.org/licenses/GPL-3.0-only.html#licenseText GPL-3.0
  *
- * @version   3.0.0.22
+ * @version   3.0.0.23
  *
  * @see      http://www.teampass.net
  */
 define('TP_VERSION', '3.0.0');
-define('TP_VERSION_FULL', TP_VERSION.'.22');
+define('TP_VERSION_FULL', TP_VERSION.'.23');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);

includes/core/load.js.php

@@ -11,7 +11,7 @@
  * ---
  *
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      load.js.php
  * ---
  *

includes/core/login.js.php

@@ -11,7 +11,7 @@
  * ---
  *
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      login.js.php
  * ---
  *

includes/core/login.php

@@ -11,7 +11,7 @@
  * ---
  *
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      login.php
  * ---
  *

includes/core/logout.php

@@ -11,7 +11,7 @@
  * ---
  *
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      logout.php
  * ---
  *

includes/core/otv.php

@@ -11,7 +11,7 @@
  * ---
  *
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      otv.php
  * ---
  *

includes/language/arabic.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      arabic.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/bulgarian.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      bulgarian.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/catalan.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      catalan.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/chinese.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      chinese.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/czech.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      czech.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/dutch.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      dutch.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/english.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      english.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)
@@ -517,7 +517,7 @@
     'api_whitelist_ips' => 'API IPs Whitelist',
     'api_whitelist_ips_tip' => 'If no API client IP addresses are explicitly listed here, then any IP address is authorized.',
     'email_share_item_subject' => 'A password item was shared with you',
-    'email_share_item_mail' => 'Hello,<br><br>This is a generated email from Teampass passwords manager.<br><br>#tp_user# has shared with you the password item #tp_item#.<br><br><a href=\'#tp_link#\'>Click this link</a> to access the item.<br><br><br>Greetings',
+    'email_share_item_mail' => 'Hello,<br><br>This is a generated email from Teampass passwords manager.<br><br>#tp_user# has shared with you the password item #tp_item#.<br><br><a href="#tp_link#">Click this link</a> to access the item.<br><br><br>Greetings',
     'index_maintenance_mode_admin' => 'Maintenance mode is enabled. Users cannot sign in.',
     '2fa_authentication_selector' => 'Select a 2 factor authentication method',
     'upload_empty_file' => 'Upload empty file',

includes/language/estonian.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      estonian.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/french.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      french.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/german.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      german.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/greek.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      greek.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/hungarian.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      hungarian.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/italian.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      italian.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/japanese.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      japanese.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/norwegian.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      norwegian.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/polish.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      polish.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/portuguese.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      portuguese.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)
@@ -65,14 +65,14 @@
     'settings_ldap_hosts_tip' => 'The hosts option is an array of IP addresses or host names located on your network that serve an LDAP directory (seprated by a comma). You insert as many servers or as little as you would like depending on your forest (with the minimum of one of course).',
     'base_distiguished_name' => 'Base DN',
     'settings_ldap_bdn_tip' => 'The root distinguished name (DN) to use when running queries against the directory server. Examples: o=example,c=com ; cn=users,dc=ad,dc=example,dc=com',
-    'username' => 'Username',
+    'username' => 'Utilizador',
     'settings_ldap_username_tip' => 'The distinguished name of the user that the application will use when connecting to the directory server. Examples: cn=administrator,cn=users,dc=ad,dc=example,dc=com ; cn=user,dc=domain,dc=name',
-    'settings_ldap_password_tip' => 'The password of the user specified above.',
+    'settings_ldap_password_tip' => 'A palavra-passe do utilizador especificado acima.',
     'settings_ldap_port_tip' => 'Default non secure LDAP port: 389, default secure LDAP port: 636',
-    'undefined' => 'Undefined',
-    'error_cannot_open_file' => 'File cannot be opened',
+    'undefined' => 'Indefinido',
+    'error_cannot_open_file' => 'O ficheiro não pode ser aberto',
     'provide_current_psk_and_click_launch' => 'When ready, click button Launch',
-    'start' => 'Start',
+    'start' => 'Iniciar',
     'data_inconsistency' => 'Data inconsistency found. Please reload the page!',
     'one_time_code_expected' => 'One-Time-Code expected',
     'data_are_missing' => 'Expected data are missing',
@@ -83,13 +83,13 @@
     'ldap_user_password_is_used_for_authentication' => 'User password in LDAP is used for authentication',
     'local_user_password_is_used_for_authentication' => 'User password in Teampass is used for authentication',
     'provide_your_current_password' => 'Provide your current password',
-    'current_password' => 'Current password',
-    'password_is_not_correct' => 'This password is not correct',
+    'current_password' => 'Palavra-passe atual',
+    'password_is_not_correct' => 'Esta palavra-passe não é a correta',
     'ldap_password_change_warning' => 'Your login password has changed since last connection. It is requested to re-encrypt all the keys using this new password. For this operation, please fill in the next field with your previous ldap password. The operation can take several minutes.',
-    'personal_items' => 'Personal items',
+    'personal_items' => 'Itens pessoais',
     'logout_on_going' => 'You will now be logout. Use your new password for being connected from now.',
     'fill_in_fields_and_hit_launch' => 'Provide expected data and hit Launch button',
-    'please_select_a_folder' => 'Please select a folder',
+    'please_select_a_folder' => 'Por favor seleccione uma pasta',
     'user_must_have_login_and_email' => 'User must have a login and an email',
     'user_has_this_role_in_teampass' => 'O utilizador tem esta função no Teampass',
     'select_role_to_create' => 'Seleccione função a criar',
@@ -101,14 +101,14 @@
     'remove_install_folder' => 'Install folder has to be removed',
     'list_users' => 'List users',
     'ldap_synchronization' => 'LDAP synchronization',
-    'in_progress' => 'In progress',
+    'in_progress' => 'Em progresso',
     'clipboard_password_life_duration' => 'Delay before the clipboard is cleared (in seconds)',
     'clipboard_password_life_duration_tip' => 'Permits to define a delay in seconds before which the password copied in clipboard will be cleared from the browser clipboard. Set to 0 to disable.',
     'clipboard_will_be_cleared' => 'Password is now in clipboard. It will soon be cleared...',
     'file_folder_not_accessible' => 'Files folder is not accessible',
     'error_missing_id' => 'An error occurred. Missing ID ... ?',
     'error_folder_not_allowed' => 'Selected folder is not allowed',
-    'all_fields_mandatory' => 'All fields are mandatory',
+    'all_fields_mandatory' => 'Todos os campos são obrigatórios',
     'history_insert_entry' => 'Insert in History',
     'clear_form' => 'Clear form',
     'info_about_history_insertion' => 'Caution - This feature permits you to insert manually an event in the item history log. Once added it will not be possible to remove it. Also notice that your account id will be associated to this new entry.',
@@ -126,14 +126,14 @@
     'password_overview_delay_tip' => 'This setting permits to define the number of seconds the clear password will be displayed to the user.',
     'select_date_showing_items_expiration' => 'List the expired items at date',
     'renewal_page_info' => 'This page permits to identify the items currently expired or expiring in next period.',
-    'filename' => 'Filename',
-    'exported_to_file' => 'Exported to file',
-    'operation_progress' => 'Operation is in progress',
-    'exporting_items' => 'Exporting items',
-    'select_folders_to_export' => 'Select folders to export',
-    'export_format_type' => 'Select the export format type',
-    'export_items' => 'Export items',
-    'loading_item' => 'Loading item',
+    'filename' => 'Nome do ficheiro',
+    'exported_to_file' => 'Exportado para ficheiro',
+    'operation_progress' => 'A operação está em progresso',
+    'exporting_items' => 'A exportar itens',
+    'select_folders_to_export' => 'Seleccione pastas para exportar',
+    'export_format_type' => 'Seleccione o formato de exportação',
+    'export_items' => 'Exportar itens',
+    'loading_item' => 'A carregar item',
     'otv_message' => 'You can share this item with someone without a Teampass account. One-Time-View permits your guest to access basic fields of this item only once without being authenticated in Teampass. Please notice that this link is valid for a period of ##otv_expiration_period##  days. Copy and share the link below.',
     'no_sharekey_found' => 'No key found for this file and your account',
     'otv_link' => 'One-time-view link',
@@ -499,7 +499,7 @@
     'server_time' => 'Server time',
     'settings_tree_counters' => 'Show more counters in folder tree',
     'settings_tree_counters_tip' => 'Enabling shows three numbers next to each folder: number of items in base folder; number of items including subfolders; number of subfolders. Enabling this feature may slow loading of the folder tree pane.',
-    'admin_action_check_pf' => 'Criar pastas pessoas para todos os utilizadores que não têm',
+    'admin_action_check_pf' => 'Criar pastas pessoas para todos os utilizadores que não as têm',
     'enable_personal_folder_feature_tip' => 'Personal folders are a private location for individual user passwords. Password items are encrypted by a user\'s salt key (more secure) or by their password (easier). Enabling this feature does not create the actual folders for existing users - you must also run the create personal folders task.',
     'administrators_only' => 'Administrators only',
     'managers_of' => 'Gestores da função',
@@ -724,7 +724,7 @@
     'level' => 'Nivel',
     'login' => 'Login (se necessário)',
     'mask_pw' => 'Oculta/Mostra a senha',
-    'max_last_items' => 'Maximo de últimos itens visto por um usuários (Padrão é 10)',
+    'max_last_items' => 'Tamanho da lista dos últimos itens vistos (padrão é 10)',
     'minutes' => 'minutos',
     'name' => 'Nome',
     'nb_false_login_attempts' => 'Número de tentativas de login sem sucesso para bloquear a conta (0 é desativado)',
@@ -737,14 +737,14 @@
     'not_allowed_to_see_pw' => 'Você não esta autorizado a ver este item!',
     'not_allowed_to_see_pw_is_expired' => 'Este item esta expirado',
     'not_defined' => 'Não definido',
-    'number_of_used_pw' => 'Número de novas senhas que o usuário precisa ingressar antes de usar uma senha antiga',
+    'number_of_used_pw' => 'Número de palavras-passe antigas guardadas para evitar reutilização (0 para desativar)',
     'pages' => 'Paginas',
     'pdf_download' => 'Dowload do arquivo',
     'personal_salt_key' => 'Sua senha pessoal \'SALT KEY\'',
     'pw' => 'Senha',
     'pw_generate' => 'Gera',
     'pw_is_expired_-_update_it' => 'Este item expirou! Precisa alterar a senha.',
-    'pw_life_duration' => 'Vida útil da senha de um usuário para expirar (em dia, 0 para desativar)',
+    'pw_life_duration' => 'Palavras-passe de sessão expiram ao fim de xx dias (0 para desativar)',
     'readme_open' => 'Abrir o arquivo README completo',
     'read_only_account' => 'Somente Leitura',
     'restore' => 'Recuperar',
@@ -767,7 +767,7 @@
     'settings_ldap_ssl' => 'Usar SSL (LDAPS)',
     'settings_ldap_tls' => 'Use LDAP a traves de TLS',
     'settings_log_accessed' => 'Ativa registros de quem acessou aos itens',
-    'settings_log_connections' => 'Guarda todos os inícios de sessão',
+    'settings_log_connections' => 'Guarda registo de todos os inícios de sessão',
     'settings_maintenance_mode' => 'Coloca TeamPass em modo de manutenção',
     'settings_manager_edit' => 'Os Gerenciadores podem editar e apagar itens que estão autorizados a ver',
     'settings_printing' => 'Habilita a opção de imprimir arquivos PDF',

includes/language/portuguese_br.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      portuguese_br.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/romanian.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      romanian.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/russian.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      russian.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)

includes/language/spanish.php

@@ -7,7 +7,7 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * ---
  * @project   Teampass
- * @version   3.0.0.22
+ * @version   3.0.0.23
  * @file      spanish.php
  * ---
  * @author    Nils Laumaillé (nils@teampass.net)
@@ -447,7 +447,7 @@
     'api_whitelist_ips' => 'Lista blanca de IPs de la API',
     'api_whitelist_ips_tip' => 'Si no hay direcciones IP de clientes de la API enumeradas explícitamente aquí, cualquier dirección IP está autorizada.',
     'email_share_item_subject' => '[TeamPass] Un elemento ha sido compartido con usted',
-    'email_share_item_mail' => 'Hola,<br><br><u>#tp_user#</u> ha compartido con usted el elemento <b>#tp_item#</b><br>Pulse <a href=\'#tp_link#\'>aquí</a> para acceder.<br><br>Saludos.',
+    'email_share_item_mail' => 'Hola,<br><br><u>#tp_user#</u> ha compartido con usted el elemento <b>#tp_item#</b><br>Pulse <a href="#tp_link#">aquí</a> para acceder.<br><br>Saludos.',
     'index_maintenance_mode_admin' => 'Modo de mantenimiento activado. En este momento los usuarios no pueden acceder a TeamPass.',
     '2fa_authentication_selector' => 'Select a 2 factor authenticator method',
     'upload_empty_file' => 'Upload empty file',